cvelistv5 - CVE-2016-7054

Source	URL	Tags
openssl-security@openssl.org	http://www.securityfocus.com/bid/94238	Third Party Advisory, VDB Entry
openssl-security@openssl.org	http://www.securitytracker.com/id/1037261
openssl-security@openssl.org	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us
openssl-security@openssl.org	https://www.exploit-db.com/exploits/40899/
openssl-security@openssl.org	https://www.openssl.org/news/secadv/20161110.txt	Patch, Vendor Advisory

Vendor	Product
OpenSSL	OpenSSL

wid-sec-w-2024-0208

Vulnerability from csaf_certbund

Published

2016-11-10 23:00

Modified

2024-01-29 23:00

Summary

OpenSSL: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuführen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - CISCO Appliance - Juniper Appliance - Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff oder einen Angriff mit nicht spezifizierten Auswirkungen durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- CISCO Appliance\n- Juniper Appliance\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0208 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0208.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0208 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0208"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2016-11-10",
        "url": "http://www.openssl.org/news/secadv/20161110.txt"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory cisco-sa-20161114-openssl  vom 2016-11-20",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl"
      },
      {
        "category": "external",
        "summary": "BLUECOAT Security Advisory SA135 vom 2016-12-01",
        "url": "https://bto.bluecoat.com/security-advisory/sa135"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3181-1 vom 2017-01-31",
        "url": "http://www.ubuntu.com/usn/usn-3181-1/"
      },
      {
        "category": "external",
        "summary": "Tenable Advisory ID: TNS-2017-03",
        "url": "https://www.tenable.com/security/tns-2017-03"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K43570545 vom 2017-02-03",
        "url": "https://support.f5.com/csp/article/K43570545"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0431-1 vom 2017-02-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0441-1 vom 2017-02-11",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170441-1.html"
      },
      {
        "category": "external",
        "summary": "NetApp Advisory NTAP-20170127-0001",
        "url": "https://kb.netapp.com/support/s/article/ka51A00000007AWQAY/NTAP-20170127-0001?language=en_US"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory: FreeBSD-SA-17:02.openssl",
        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0855-1 vom 2017-03-29",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1.html"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-206 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-206.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-205 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-205.htm"
      },
      {
        "category": "external",
        "summary": "Brocade Security Advisory BSA-2016-207 vom 2017-04-03",
        "url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-207.htm"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF03744",
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin JSA10775 vom 2017-07-12",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2185 vom 2018-07-13",
        "url": "https://access.redhat.com/errata/RHSA-2018:2185"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs OpenSSL Security Advisory",
        "url": "https://fortiguard.com/psirt/FG-IR-17-019"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA10990 vom 2020-01-08",
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026actp=RSS"
      },
      {
        "category": "external",
        "summary": "Dell Knowledge Base Article",
        "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:58:03.466+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0208",
      "initial_release_date": "2016-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-10T23:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-30T23:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-31T23:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-05T23:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-12T23:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-19T23:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-02-22T23:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-30T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-03T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-22T22:00:00.000+00:00",
          "number": "20",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-12T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-07-12T22:00:00.000+00:00",
          "number": "23",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "24",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-15T22:00:00.000+00:00",
          "number": "25",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "27",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-08T23:00:00.000+00:00",
          "number": "28",
          "summary": "Added references"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-01-29T23:00:00.000+00:00",
          "number": "30",
          "summary": "Schreibfehler korrigiert"
        }
      ],
      "status": "final",
      "version": "30"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco IOS XR",
            "product": {
              "name": "Cisco IOS XR",
              "product_id": "2062",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:ios_xr:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Network Analysis Module",
            "product": {
              "name": "Cisco Network Analysis Module",
              "product_id": "2084",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:network_analysis_module:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Security Manager (CSM)",
            "product": {
              "name": "Cisco Security Manager (CSM)",
              "product_id": "95918",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:security_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Communications Manager (CUCM)",
            "product": {
              "name": "Cisco Unified Communications Manager (CUCM)",
              "product_id": "2142",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_communications_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified Contact Center Enterprise",
            "product": {
              "name": "Cisco Unified Contact Center Enterprise",
              "product_id": "2143",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified IP Phone",
            "product": {
              "name": "Cisco Unified IP Phone",
              "product_id": "T001530",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_ip_phones:::9900_series"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unity Connection",
            "product": {
              "name": "Cisco Unity Connection",
              "product_id": "161504",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:unity_connection:1.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Meetings Server",
            "product": {
              "name": "Cisco WebEx Meetings Server",
              "product_id": "T001160",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex_meetings_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Wide Area Application Services",
            "product": {
              "name": "Cisco Wide Area Application Services",
              "product_id": "2186",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:wide_area_application_services:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.10",
            "product": {
              "name": "Dell NetWorker \u003c 19.10",
              "product_id": "T032354",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.10"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.6.0",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.6.0",
                  "product_id": "T010101",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.6.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 5.4.6",
                "product": {
                  "name": "Fortinet FortiOS \u003c 5.4.6",
                  "product_id": "T011155",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:5.4.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
            "product": {
              "name": "HPE Intelligent Management Center (IMC) \u003c 7.3 E0504P04",
              "product_id": "T009902",
              "product_identification_helper": {
                "cpe": "cpe:/a:hp:intelligent_management_center:7.3e0504p04"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp OnCommand Unified Manager",
            "product": {
              "name": "NetApp OnCommand Unified Manager",
              "product_id": "T009408",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenSSL \u003c 1.1.0c",
            "product": {
              "name": "Open Source OpenSSL \u003c 1.1.0c",
              "product_id": "T008912",
              "product_identification_helper": {
                "cpe": "cpe:/a:openssl:openssl:1.1.0c"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco TelePresence Server",
            "product": {
              "name": "Cisco TelePresence Server",
              "product_id": "T001033",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:telepresence_server:2.2"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence SX20",
            "product": {
              "name": "Cisco TelePresence SX20",
              "product_id": "T000641",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_sx20:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence System EX Series",
            "product": {
              "name": "Cisco TelePresence System EX Series",
              "product_id": "T000640",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence_system_ex_series:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Video Surveillance",
            "product": {
              "name": "Cisco Video Surveillance",
              "product_id": "64489",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:video_surveillance_ip_gateway_encoder_decoder:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7053",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler bei der Verarbeitung von ASN.1 CHOICE Typen. Ein Angreifer kann dies durch \u00dcbermittlung geeignet gestalteter Daten f\u00fcr einen Denial of Service Angriff nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00Z",
      "title": "CVE-2016-7053"
    },
    {
      "cve": "CVE-2016-7054",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle betrifft TSL Verbindungen, welche die *-CHACHA20-POLY1305 Ciphersuites nutzen. Ein Angreifer kann durch \u00dcbermitteln geeignet gestalteter Daten einen Denial of Service hervorrufen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "67646",
          "64489",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00Z",
      "title": "CVE-2016-7054"
    },
    {
      "cve": "CVE-2016-7055",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL. Die Schwachstelle beruht auf einem Fehler in der Broadwell-spezifischen Montgomery Multiplikations Prozedur. Ein Angreifer kann dieses zu einem Angriff mit unbekannten Answirkungen nutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "161504",
          "T001160",
          "T009408",
          "67646",
          "64489",
          "4035",
          "2143",
          "2142",
          "2186",
          "2084",
          "2062",
          "T032354",
          "T002207",
          "T000126",
          "95918",
          "T000641",
          "5930",
          "T000640",
          "T001530",
          "T001033"
        ]
      },
      "release_date": "2016-11-10T23:00:00Z",
      "title": "CVE-2016-7055"
    }
  ]
}

ghsa-3rqr-v2gc-jxp4

Vulnerability from github

Published

2022-05-17 01:17

Modified

2022-05-17 01:17

Severity

7.5 (High) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-04T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.",
  "id": "GHSA-3rqr-v2gc-jxp4",
  "modified": "2022-05-17T01:17:43Z",
  "published": "2022-05-17T01:17:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7054"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40899"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv/20161110.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94238"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-7054

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.

Aliases

CVE-2016-7054

Aliases

CVE-2016-7054

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7054",
    "description": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.",
    "id": "GSD-2016-7054",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7054.html",
      "https://security.archlinux.org/CVE-2016-7054"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7054"
      ],
      "details": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.",
      "id": "GSD-2016-7054",
      "modified": "2023-12-13T01:21:20.391229Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "openssl-security@openssl.org",
        "DATE_PUBLIC": "2016-11-10",
        "ID": "CVE-2016-7054",
        "STATE": "PUBLIC",
        "TITLE": "ChaCha20/Poly1305 heap-buffer-overflow"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenSSL",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "openssl-1.1.0"
                        },
                        {
                          "version_value": "openssl-1.1.0a"
                        },
                        {
                          "version_value": "openssl-1.1.0b"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OpenSSL"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Robert \u015awi\u0119cki (Google Security Team)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."
          }
        ]
      },
      "impact": [
        {
          "lang": "eng",
          "url": "https://www.openssl.org/policies/secpolicy.html#High",
          "value": "High"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "protocol error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
          },
          {
            "name": "94238",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94238"
          },
          {
            "name": "https://www.openssl.org/news/secadv/20161110.txt",
            "refsource": "CONFIRM",
            "url": "https://www.openssl.org/news/secadv/20161110.txt"
          },
          {
            "name": "40899",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40899/"
          },
          {
            "name": "1037261",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037261"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "ID": "CVE-2016-7054"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssl.org/news/secadv/20161110.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.openssl.org/news/secadv/20161110.txt"
            },
            {
              "name": "94238",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94238"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03744en_us"
            },
            {
              "name": "1037261",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037261"
            },
            {
              "name": "40899",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40899/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-09-03T01:29Z",
      "publishedDate": "2017-05-04T19:29Z"
    }
  }
}

Action not permitted

CVE-2016-7054

Vulnerability from cvelistv5

wid-sec-w-2024-0208

Vulnerability from csaf_certbund

ghsa-3rqr-v2gc-jxp4

Vulnerability from github

gsd-2016-7054

Vulnerability from gsd

Tags